Downloads Resources over HTTP in adamvr-geoip-lite

Affected versions of adamvr-geoip-lite insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions b...

IBM Settles Lawsuit Over Weather Channel App Data Privacy

IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney’s office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. The 2019 lawsuit claimed, the app’s permission prompt for users to...

SUSE-SU-2020:14456-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Fix broken translation-loading boo1173991 allow addon sideloading mark signatures for langpacks non-mandatory do not autodisable user profile scopes - Google API key is not usable for geolocation service any more - Mozilla Firefox 78.1...

NSA Releases Guidance on Limiting Location Data Exposure

The National Security Agency NSA has released an information sheet with guidance on how to limit location data exposure for National Security System NSS / Department of Defense DoD system users, as well as the general public. NSA outlines mobile device geolocation services and provides...

The vulnerability of the Windows Geolocation Framework in Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Windows Geolocation Framework in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

Microsoft Windows Geolocation Framework Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...

CVE-2020-1394

An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395...

CVE-2020-1394

An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395...

Privilege escalation

An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395...

CVE-2020-1394

An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395...

CVE-2020-1394

CVE-2020-1394 relates to an elevation-of-privilege in the Windows Geolocation Framework. Connected CNVD/EUVD entries describe the root cause as improper handling of memory objects within the Geolocation Framework, allowing a local attacker to elevate privileges and execute arbitrary code by runni...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could r...

IRCCloud: IDOR with Geolocation data not stripped from images

Vulnerable URL :- https://usercontent.irccloud-cdn.com/file/0wXMTrPu/hgjbk Vulnerability Discription: When an image is taken using a smartphone or camera certain metadata fields are often attached to it. These fields could include the model of the camera, the time it was taken, whether the flash...

Steganography Anchors Pinpoint Attacks on Industrial Targets

A targeted series of attacks on suppliers of equipment and software for industrial enterprises is playing out globally, researchers said, hinging on phishing and a steganography tactic to hide malware on public, legitimate image resources. According to Kaspersky ICS CERT, the attacks seem bent on...

Going dark: encryption and law enforcement

UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...

Hiding in plain sight: PhantomLance walks into a market

In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims' money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed "PhantomLance...

Excelerating Analysis, Part 2 — X[LOOKUP] Gon’ Pivot To Ya

In December 2019, we published a blog post on augmenting analysis using Microsoft Excel for various data sets for incident response investigations. As we described, investigations often include custom or proprietary log formats and miscellaneous, non-traditional forensic artifacts. There are, of...

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...

Sherloq - An Open-Source Digital Image Forensic Toolset

An open source image forensic toolset Introduction "Forensic ImageAnalysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications...

MonitorMinor: vicious stalkerware?

Updated March 17th, 2020 The other day, our Android traps ensnared an interesting specimen of commercial software that is positioned as a parental control app, but may also be used to secretly monitor family members or colleagues – or, in other words, for stalking. Such apps are often called...